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APPELLANTS' BRIEF ON APPEAL 

L REAL PARTY IN INTEREST; 

The real party in interest in this appeal is Lucent Technologies Inc. 
Assignment of the application was submitted to the U.S. Patent and Trademark 
Office on September 29, 2000, and recorded on the same date at Reel 01 1 176, 
Frame 0834. 

II. RELATED APPEALS AND INTERFERENCES; 

There are no known appeals or interferences that will affect, be directly 
affected by, or have a bearing on the Board's decision in this Appeal. 

III. STATUS OF CLAIMS; 

Claims 1-14 are pending in the application, with claims 1 and 9 being 
written in independent form. 

Claims 1-14 remain finally rejected under 35 U.S.C. §101 as well as 35 
U.S.C. §103(a). Claims 1-14 are being appealed. 

IV. STATUS OF AMENDMENTS; 

An Amendment After Final ("AAF") was filed on January 30, 2007. In an 
Advisory Action dated February 15, 2007, the Examiner stated that the AAF 
overcame the 35 U.S.C. §112 rejections but, otherwise, did not place the 
application in condition for allowance. 



1 



APPELLANTS' BRIEF ON APPEAL (Corrected) 
U.S. Application No.: 09/675,399 
Atty. Docket: 129250-001034/US 



V. SUMMARY OF CLAIMED SUBJECT MATTER; 



(i). Overview of the Subject Matter of the Independent Claims 

The present invention is directed at providing methods and devices that 
allow individuals and groups of individuals ("users") the ability to securely 
access multiple "applications" running on multiple servers faster and easier than 
previously thought possible. More specifically, the claims are directed at an 
authentication server and related methods that both: (i) establish a two-way 
trusted communication link; and (ii) allow an authenticated user to access a 
list of application servers associated with a client identifier. More specifically, 
independent claim 1 reads as follows (specification citations in parenthesis are 
exemplary only): 

1. An automated authentication handling system 

comprising: 

an authentication server operable to: 

establish a two-way trusted communication link with an 
authenticated user (page 7, line 24 to page 8, line 7 and Figure 6 for example); 
and 

establish access for the authenticated user to a list of 
application servers associated with a client identifier (page 4, line 25 to 
page, 5 line 3, page 6, lines 3-9, and Figure 5 for example) . 



Independent claim 9 reads as follows: 

9. A method for automatically authenticating a client comprising 
the steps of: 

providing an authentication server (Figures 4 through 6; in 
Figure 4, item 111); 

identifying clients to access a plurality of application servers by 
said authentication server (page 4, lines 21-23) ; 

establishing a two-way trusted communication link with an 
authenticated client (page 7, line 24 to page 8, line 7 and Figure 6 for 
example); and 
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establishing access between a client and an application server 
selected from a list of application servers associated with a client identifier 

(page 4, line 25 to page, 5 line 3, page 6, lines 3-9 and Figure 5 for example). 

In order to make the overview set forth above concise the disclosure that 
has been included, or referred to, above only represents a portion of the total 
disclosure set forth in the Specification that supports the independent claims. 

(ii). The Remainder of the Specification Also Supports the Claims 

The Appellants note that there may be additional disclosure in the 
Specification that also supports the independent and dependent claims. 
Further, by referring to the disclosure above the Appellants do not represent 
that this is the only evidence that supports the independent claims nor do 
Appellants necessarily represent that this disclosure can be used to fully 
interpret the claims of the present invention. Instead, this disclosure is an 
overview of the claimed subject matter. 

VI. GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL; 

Appellants seek the Board's review and reversal of the rejection of claims 
1-14 based on 35 U.S.C. §101, and §103(a) based on Gudbjartsson et al, U.S. 
Patent Publication No. 2001/0027519 ("Gudbjartsson") in combination with 
Reed et al., U.S. Patent No. 5,862,325 ("Reed"). 

VII. ARGUMENTS; 

A. The Section 101 Rejections 

Because claims 1 and 9 are the independent claims the Applicants 
will address their arguments to these claims, it being understood that the 
same arguments apply to dependent claims 2-8 and 10-14. Therefore, the 
present appeal of claims 2-8 and 10-14 stands or falls based on the 
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arguments set forth herein with respect to claims 1 and 9 (see MPEP 
§1205.02). 

Claims 1-14 were rejected under 35 U.S.C. §101, the Examiner taking 
the position that claims 1 and 9 fail to establish a "clear result" because 
"[n]either independent claim... communicates (presents the result 
"establishment of the link") to the user". Appellants disagree and traverse these 
rejections for at least the following reasons. 

The pertinent part of claim 1 reads as follows: 

"...an authentication server to: 

establish a two-way trusted communication link with an authenticated 
user..." 

The pertinent part of claim 9 reads as follows: 

"A method for automatically authenticating a client comprising the steps 

of....: 

...establishing a two-way trusted communication link with an 
authenticated client..." 

Both claims 1 and 9 clearly set forth the establishment of a trusted two- 
way link with a user or client. In claim 1 this establishment is carried out by 
an authentication server while in claim 9 it is part of a process. The Appellants 
are, respectfully speaking, baffled by the Examiner's continued rejection of 
these claims based on §101. 

The CAFC in State Street Bank & Trust v. Signature Financial Group, 47 
USPQ 2d 1596, 1601-1602 (Fed. Cir. 1998) stated that as long as a claim 
produces a "useful, concrete and tangible result" such a claim is patentable 
subject matter under §101. Here, without any factual or legal support 
whatsoever, the Examiner has stated that merely establishing a trusted two- 
way communication link is not a tangible result. Apparently the Examiner has 
not read the instant specification which describes in detail how the 
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establishment of such a link clearly leads to tangible results. Further, 
Appellants submit that existing patents issued by the USPTO clearly indicate 
that the establishment of a link as a part of a claim is a tangible result (see first 
page of computer search of USPTO 's Full-text And Image Database attached as 
Exhibit 1, which identifies 2,825 issued patents whose claims contain the 
words "establish" and "link".). 

Absent a legal or factual basis for his position, the Appellants 
respectfully submit that the Examiner has failed to set forth a prima facie case 
of unpatentability. 

Further, this Court and the CAFC have repeatedly said that claims must 
be given their broadest reasonable interpretation that is consistent with the 
specification. The present specification includes examples, in detail, of how the 
claimed authentication server may "establish" a trusted two-way link. Given 
such examples, there is no reason why the Examiner cannot reasonably 
interpret the meaning of "establish" in the claims. It is respectfully submitted 
that the Examiner has failed to carry out a reasonable interpretation of the 
claims which again is required to establish a prima facie case of 
unpatentability. 

It may be that the Examiner is requesting that the Appellants explain in 
the claims how the trusted two-way link is established. However, as the 
Examiner knows well it is not necessary for patentability that the claims 
contain the specific details of the examples given in the specification as long as 
the claimed subject matter is supported by the specification's disclosure, which 
it is. 

The important aspect of the claims is not the specifics of how the trusted 
two-way link is created; that may be carried out in any number of ways. The 
importance is that the establishment of such a two-way link is needed as a part 
of the actions of the claimed server or as a part of the claimed process. For 
example, the establishment of a two-way link is needed in order to complete 



5 



APPELLANTS' BRIEF ON APPEAL (Corrected) 
U.S. Application No.: 09/675,399 
Atty. Docket: 129250-001034/US 

the second step of claim 9, mainly, to allow an authenticated user access to a 
list of application servers associated with a client identifier. 

Appellants respectfully request that the Examiner either present a legal 
and/ or factual basis for the rejection of claims 1-14 or else withdraw the 
rejections. Simply setting forth a personal opinion without any legal or factual 
basis for such a statement does not present a prima facie case of 
unpatentability and is otherwise impermissible. 

Accordingly, Appellants respectfully request that the members of the 
Board reverse the decision of the Examiner and allow claims 1-14. 

B. The Section 103 Rejections 

Claims 1-14 were rejected under 35 U.S.C. §103 (a) as being 
unpatentable over Gudbjartsson in combination with Reed. Appellants 
disagree for at least the following reasons. 

Gudbjartsson does not disclose or suggest an authentication server that 
establishes a two-way trusted communication link for access by an 
authenticated user to a list of application servers associated with a client 
identifier. 

In the Final Office Action the Examiner refers to paragraphs 30 and 56 of 
Gudbjartsson as supposedly disclosing the claimed client identifiers. 
Appellants disagree. The "personal identifiers" sent from many users discussed 
in Gudbjartsson are used to form a single password (see paragraph 50 in 
Gudbjartsson) in such a way that the original users' identities are kept secret 
from an entity that receives the combined password. As such, these personal 
identifiers have little or nothing to do with a list of application servers or access 
to such a list of servers as in the claims of the present invention. Further, Reed 
does not make up for the deficiencies of Gudbjartsson as acknowledged by the 
Examiner. 

Accordingly, Appellants respectfully submit that the claims of the present 
invention would not have been obvious to one of ordinary skill in the art at the 
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time the present application was filed upon reading the disclosures of 
Gudbjartsson and Reed because taken separately, or in combination, neither 
reference discloses or suggests an authentication server that both establishes a 
two-way trusted communication link and allows an authenticated user access 
to a list of application servers associated with a client identifier, as in the 
claims of the present invention. 

Further, Appellants respectfully submit that the combination of 
Gudbjartsson with Reed is impermissible because such a combination would 
require one or both of these references to modify their principle of operation to 
such an extent that the modifications would frustrate or destroy their intended 
operations. For example. Reed explicitly requires either all, or a sufficient 
number of users (called 'keyholders"), to be present when its' system is started 
for the first time or restarted. Thus, there is little automation of the start-up or 
re-start up authentication process in Reed. In contrast, Gudbjartsson's main 
thrust is to provide an automated communication system which requires as 
little user involvement as possible, let alone the involvement of multiple users. 
Combining the two would either require Reed to change its principle of 
operation such that its starting or re-starting authentication process (if it's 
even such process) does not require the same user or more than one user or 
require Gudbjartsson to change its principle of operation to allow more user 
involvement. Both alternatives are inopposite to the stated goals of these 
references. 

In sum. Appellants respectfully request that the members of the Board 
reverse the decision of the Examiner and allow claims 1-14. 
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Conclusion; 

Appellants respectfully request that members of the Board reverse the 
decision of the Examiner and allow claims 1-14. 

The Commissioner is authorized in this, concurrent, and future replies, 
to charge payment or credit any overpayment to Deposit Account No. 50-3777 
for any additional fees required under 37 C.F.R. § 1.16 or under 37 C.F.R. § 
1.17; particularly, extension of time fees. 

Respectfully submitted, 

Capitol Patent & Trademark Law Firm, PLLC 

By: //John E. Curtin// 

John E. Curtin, Reg. No. 37,602 



P.O. Box 1995 
Vienna, VA 22183 
(703)266-3330 
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VIII. CLAIMS APPENDIX 

1 . An automated authentication handling system comprising: 
an authentication server to: 

establish a two-way trusted communication link with an authenticated 
user ; and 

establish access for the authenticated user to a list of application servers 
associated with a client identifier. 

2. The automated authentication handling system of claim 1 
wherein said authentication server includes: 

an identification engine configured to maintain collections of session 
assignments, each of said session assignment collections being associated with 
the client identifier. 

3. The automated authentication handling system of claim 2 
wherein said identification engine receives client identifiers from said clients to 
establish authenticated users and responsive thereto to provide a user interface 
to access said application servers according to said associated session 
assignments. 

4. The automated authentication handling system of claim 1 
wherein said authentication server includes: 

a communication initiator engine configured to establish the trusted 
communication link between said authenticated users and an application server 
on said list. 

5. The automated authentication handling system of claim 3 
wherein said authentication server includes: 

a communication initiator engine configured to establish the trusted 
communication link defined to one of said session assignments between said 
authenticated users and said application server. 
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6. The automated authentication handling system of claim 1 
wherein said session assignments include data fields selected from the group 
consisting of session timeout and application access level. 

7. The automated authentication handling system of claim 1 
wherein said client identifier includes a user id and password. 

8. The automated authentication handling system of claim 1 
wherein said authentication server includes a processor under the control of 
software to: 

receive an authentication signal from said client; 

provide an application access interface to said client in response to 
said authentication signal; and 

establish the trusted communication link between said client and 
an application server selected from said application access interface. 

9. A method for automatically authenticating a client comprising 

the steps of: 

providing an authentication server; 

identifying clients to access a plurality of application servers by said 
authentication server; 

establishing a two-way trusted communication link with an authenticated 
client; and establishing access between a client and an application server 
selected from a list of 

application servers associated with a client identifier. 

10. The method of claim 9 wherein said identifying step includes: 
providing session parameters for each of said identified clients for at 

least one of said application servers. 

11. The method of claim 9 wherein said identifying step includes: 
providing a user interface to said identified clients to access said 

application servers. 
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12. The method of claim 10 wherein said establishing step 

includes: 

using said session parameters to establish said trusted 
communication link. 

13. The method of claim 1 1 wherein said user interface includes a 
listing of application servers and said establishing steps are initiated following a 
selection of an application server by a user from said user interface. 

14. The method as in claim 1 further comprising a plurality of 
application servers connected to said network, each requiring authentication for 
access. 

IX. EVIDENCE APPENDIX 

None. 

X. RELATED PROCEEDINGS APPENDIX 

None. 
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